From 5516ad195c2dd6cf3c827557cd1dea578bdde76b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Fri, 23 Dec 2022 23:30:39 +0200
Subject: [PATCH] Add descheduler
---
kube-system/descheduler.yaml | 165 +++++++++++++++++++++++++++++++++++
1 file changed, 165 insertions(+)
create mode 100644 kube-system/descheduler.yaml
diff --git a/kube-system/descheduler.yaml b/kube-system/descheduler.yaml
new file mode 100644
index 0000000..1412d59
--- /dev/null
+++ b/kube-system/descheduler.yaml
@@ -0,0 +1,165 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: descheduler
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: descheduler
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: descheduler
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: descheduler
+data:
+ policy.yaml: |
+ apiVersion: "descheduler/v1alpha1"
+ kind: "DeschedulerPolicy"
+ strategies:
+ LowNodeUtilization:
+ enabled: true
+ params:
+ nodeResourceUtilizationThresholds:
+ targetThresholds:
+ cpu: 50
+ memory: 50
+ pods: 50
+ thresholds:
+ cpu: 20
+ memory: 20
+ pods: 20
+ RemoveDuplicates:
+ enabled: true
+ RemovePodsHavingTooManyRestarts:
+ enabled: true
+ params:
+ podsHavingTooManyRestarts:
+ includingInitContainers: true
+ podRestartThreshold: 100
+ RemovePodsViolatingInterPodAntiAffinity:
+ enabled: true
+ RemovePodsViolatingNodeAffinity:
+ enabled: true
+ params:
+ nodeAffinityType:
+ - requiredDuringSchedulingIgnoredDuringExecution
+ RemovePodsViolatingNodeTaints:
+ enabled: true
+ RemovePodsViolatingTopologySpreadConstraint:
+ enabled: true
+ params:
+ includeSoftConstraints: false
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: descheduler
+ labels:
+ app.kubernetes.io/name: descheduler
+rules:
+- apiGroups: ["events.k8s.io"]
+ resources: ["events"]
+ verbs: ["create", "update"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "delete"]
+- apiGroups: [""]
+ resources: ["pods/eviction"]
+ verbs: ["create"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create", "update"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["descheduler"]
+ verbs: ["get", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: descheduler
+ labels:
+ app.kubernetes.io/name: descheduler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: descheduler
+subjects:
+ - kind: ServiceAccount
+ name: descheduler
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: descheduler
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: descheduler
+spec:
+ replicas: 2
+ selector:
+ matchLabels: &selectorLabels
+ app.kubernetes.io/name: descheduler
+ template:
+ metadata:
+ labels: *selectorLabels
+ spec:
+ priorityClassName: system-cluster-critical
+ serviceAccountName: descheduler
+ containers:
+ - name: descheduler
+ image: "k8s.gcr.io/descheduler/descheduler:v0.25.1"
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/bin/descheduler"
+ args:
+ - "--policy-config-file"
+ - "/policy-dir/policy.yaml"
+ - "--descheduling-interval"
+ - 5m
+ - "--v"
+ - "3"
+ - --leader-elect=true
+ ports:
+ - containerPort: 10258
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10258
+ scheme: HTTPS
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /policy-dir
+ name: policy-volume
+ volumes:
+ - name: policy-volume
+ configMap:
+ name: descheduler
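Review bot: The first `coordination.k8s.io` rule in the ClusterRole grants `update` on every Lease in every namespace, because it has no `resourceNames` and the role is bound through a ClusterRoleBinding; a leaked descheduler token could then rewrite leader-election leases that belong to other components. Only `create` has to stay unrestricted, since a create request cannot be matched by resource name, so I would change that rule to `verbs: ["create"]` and the rule with `resourceNames: ["descheduler"]` to `verbs: ["get", "update", "patch", "delete"]`. If the lease only ever lives in one namespace, both lease rules could move to a namespaced Role and RoleBinding there; the lease namespace is not visible in this manifest, so that needs confirming. The `pods` rule also grants `delete` next to `create` on `pods/eviction`, and a direct delete is not checked against PodDisruptionBudgets, so `delete` is worth dropping if this descheduler version evicts only through the eviction subresource.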